Posted by msmash on Monday April 25, 2016 @01:10PM from the snowden-effect dept.

An anonymous reader cites an article on The Intercept: The director of national intelligence on Monday blamed NSA whistleblower Edward Snowden for advancing the development of user-friendly, widely available strong encryption. "As a result of the Snowden revelations, the onset of commercial encryption has accelerated by seven years," James Clapper said. The shortened timeline has had "a profound effect on our ability to collect, particularly against terrorists," he said. When pressed by The Intercept to explain his figure, Clapper said it came from the National Security Agency. "The projected growth maturation and installation of commercially available encryption -- what they had forecasted for seven years ahead, three years ago, was accelerated to now, because of the revelation of the leaks." Asked if that was a good thing, leading to better protection for American consumers from the arms race of hackers constantly trying to penetrate software worldwide, Clapper answered no. "From our standpoint, it's not … it's not a good thing," he said. "Of all the things I've been accused of," Snowden said, "this is the one of which I am most proud."

Funny how he blames the person who exposed the criminal actions as the problem, rather than the criminals. Either way the end result is that hundreds of millions, perhaps billions of people are now less vulnerable to organized crime, directly because of Snowden's actions. Thanks Edward!

Criminals tend to blame the person who exposed the criminal actions as the problem, rather than themselves. Is James Clapper a criminal? Yes, he is. NSA can do its job without violating American civil liberties. They don't want to because it's harder and takes longer than simply grabbing everything and then sorting.

It saddens me how many times I have argued this point with my parents. Earliest memory of it was in grade 8, most recent was about 5 months ago when I tried to warn them about installing a cloud based video system into their house. At least I got to use the line: "what if there is somebody snooping on the non encrypted feed to your house and you guys are fucking in the living room". Sadly being former flower children they got turned on and promptly told me they had something important to attend to and made me leave.

How can encryption have "a profound effect on our ability to collect, particularly against terrorists" when they never found any terrorists [popsci.com] to begin with?

You can cite the Privacy and Civil Liberties Oversight Board’s review on section 215, and their specific quotes, this is their words, “We are aware of no instance in which the [mass surveillance] program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack.”

On May 31, 2015, the most controversial aspects of Section 215 of the Patriot Act, which included the collection of phone records (among others) in bulk, expired.

President Obama did not agree with the board's decision, which was announced in January 2014: "I believe it is important that the capability that this program is designed to meet is preserved."

We can only assume that the justification for bulk collection has little to do with terrorism.

I imagine he lies awake at night worrying about losing the free world the same way that J Edgar Hoover lay awake at night worrying about losing the free world. But both of them are simply wrong.

It turns out that letting black people vote, and letting women get jobs didn't destroy America. Hoover was simply wrong about that. Sure, there were race riots in LA. And there's been a lot of yelling about cops shooting black people. But it has not spelled the end of the United States of America. Hoover's subversion of the democratic process did FAR more to threaten the USA than those actors he was trying to thwart. There was no need to spy on MLK nor run a smear campaign against him. There was no need to radicalise the Black Panthers and help them pull off an assassination. There was no need to run a dragnet on academics. Now, he was also trying to thwart the commie bastards. And he failed. They simply had a better spy campaign than we did. But we were ideologically better and more aligned with reality, so it didn't really matter. Give it time. Even China is capitalistic now. (More than we are, by some measures)

And terrorism? The only thing we have to fear is fear itself. 3,000 corpses in NYC is, with no disrespect to the dead, chump change in the larger picture. Simply put, these radicals have no hope of threatening the existence of the USA. The worst they can do is piss us off enough to go get a bunch of people killed in the desert (most of whom had no connection to the terrorists).

What he should lie awake at night worrying about is all of the clandestine and blatantly illegal operations he signed off on coming to light and spending the rest of his days in prison. But hell, he can bold-faced lie at a congressional hearing to a senator who has the clearance to know he's lying and still somehow not get charged with anything. So who knows how much dirt he has on everyone.

Then why doesn't he call for a weapons ban? No, seriously. Wouldn't that make the world a lot safer? If nobody had weapons but the police and military? I.e., the state? It would make sure that no criminal would have a gun. Or rather, it would make identifying the criminals much easier, for everyone who as much as tries to arm himself would count as a criminal. I mean, what does a law abiding citizen need a gun for?

And whatever answer you give to this, take the sentences above, replace "guns" and "arms" with "encryption", your answer to that question above is pretty much my reply for your lament about encryption.

Encryption, just like guns, is something that takes control away from the government and puts it into the hands of the individual. This is called freedom, and the means to retain it. Yes, that means that criminal elements will enjoy the same freedom. That is an unfortunate side effect. History has shown us, though, that handing over freedoms for the promise of protection has failed every single time. In the end, all that happened was that you gave away freedom and received nothing in return.

Because he's American and that wouldn't go over very well? Because firearms are one of the more potent types of weapons and the right to own them is actually fairly well established and fairly well agreed on by those who have the power to make that choice? Because he's stupid but not that stupid? Because it would be political suicide to suggest such a thing while in that position? Because it's completely off-topic when talking about Snowden and he wants to rem

Let us be fair and honest. He is *accused* of such. He is not convicted of such. Nor is he, as far as I know, charged with such.

Snowden is *accused* of lots of things.

One must be aware of, and try to react to, their own biases. The innocent until proven guilty is only valuable if it applies equally to those we abhor. It can not just apply to those whom we wish to believe, those that we like, and those who are ethical in our views. The most vile of people on the planet still deserves due process.

If "The Cathedral and the Bazaar" were the only thing ESR had ever written, people might remember him more fondly. Crediting him with creating "open source software as we know it today" is a wonderful troll though.

I could not begin to list all of the crazy things ESR has written, especially since CatB. Rationalwiki has a collection [rationalwiki.org], and they do mention his non-batshit writing, but essentially everything in the last fifteen years has been a stain on his character. Honestly, even before that he was a little unhinged. He has his place in open source history, but the best that you can say about him these days is that no one listens to him.

Swartz broke an obscure law that did nothing but line the pockets of a few to the damage of many. Swartz probably did not even consider that such a thing was possible. Hell, when I read it I had a hard time imagining that this is actually illegal in a country like the US, until I realized that profit trumps any right you might think you have.

An obscure law? The dude broke into a closet and wrote customized software to make copies of things he was not authorized to copy and give them to other people who were not authorized to view them and, in the process, caused major issues to two different networks of computers. This is not the act of some petty offender who has broken an obscure law and then been hammered for it. Hell, I think they offered him something like six months?

To even mention him, in connection with Snowden, is to do Snowden a disse

Let's suppose that, tomorrow, the government declares "All encryption needs to have Government Only Backdoors." Let's also assume that everyone - through some weird quirk of fate - goes along with it instead of sparking the years-long lawsuits/protests that would actually happen. So now the government can listen in on anyone at any time. Terrorists beaten, right?

Wrong. Strong encryption is already available and can be used by anyone (yes, including terrorists) now. So they'll just use that. Or they'll use no encryption - which is how they operated in some previous attacks.

Furthermore, "Government Only Backdoors" means that the encryption has a weakness. Even if we could trust the US government not to abuse it (a HUGE assumption but let's allow it for now), how long until foreign governments got access to it (either via some official channel or by hacking their way in)? How long until various hacker groups got control of it?

Finally, there's the question of risk. Being injured/killed in a terrorist attack is an extremely low-risk event. Sure, it makes for great news and is used near-daily by politicians to scare us into supporting whatever they want, but it's not an actual thing that your average person in the US needs to worry about. On the other hand, something like Identity Theft or credit card fraud *are* something that normal people need to worry about.

Tell you what, I'll explain to the families of the next victims of the terror attacks (probably a dozen or less) why we supported encryption if you explain to the victims (likely millions) of identity theft/credit card fraud why you wanted to ban strong encryption and thus let any hacker in the world listen in on their transactions.

Except that scenario doesn't exist. It isn't like the Boston bombers, Paris attackers, Brussels attackers used encrypted communication. In the case of the Boston bombers it was the government's own incompetence that screwed those people, it isn't like Russia warned the US about those 2 ass clowns [reuters.com], well shit. Also it isn't like the leader of the Paris attack was featured in ISIS's magazine [cbsnews.com], well fuck me. Since it has come out that the Paris attackers and Brussels attackers were in contact and seemingly related it sure seems like the authorities suck balls at doing their jobs and maybe should be gathering less information on everyone and instead look into people who are interviewed by pig fuckers monthly or are told by some other country to keep an eye on. I also remember a while ago seeing that the FBI or CIA stating that encryption hasn't prevented them from getting the break they needed in any of their cases. I would cite the article but with their recent about face and encryption being in the news a ton that appears to have been buried and I can't find it.

Could not agree more. The whole claim that surveillance is preventing terrorist attacks is nothing but a big, fat lie. They cannot even evaluate what they already have without mass-surveillance and with known suspects. How mass-surveillance is supposed to make that any better is beyond me. The only thing mass surveillance will be doing is making it even easier for terrorists to recruit. That is besides killing freedoms and making people afraid (again!) to even voice their thoughts because the authorities may

I hope you or any family members never get into a car because that's way more dangerous than any terrorists. In the entire history of the US, terrorists have killed fewer people than the number that die in car accidents in the US in one year. So, let's just give up freedoms for a tiny incremental improvement of the odds not to die a "natural" death. Of course that's also highly questionable in this case anyway because, if all the money that was spent on snooping on you, me and millions of others would be

Great point, but you might be off a tad on your estimated magnitude. A quick google search indicates that in 2014 32,675 car accident fatalities occurred. I believe a pretty good estimate of terrorist fatalities is 3,000. So for a minuscule (nil?) improvement in safety we have had our freedoms and rights decimated. Here's an interesting link for those who prefer numbers to hysteria. http://thinkbynumbers.org/gove... [thinkbynumbers.org]

First, please point out an instance of a terror attack that could have been prevented if it wasn't for the wide use of encryption, because there isn't one.

Second, the total aggregate count of people that have died to terror attacks doesn't even come close to the amount of people that die each year from choosing to smoke tobacco, so I'll take the encryption.

Haven't you noticed? They keep telling us they need X, then another terrorist attack happens anyway and they tell us if they had just had X+1 they could have stopped it. Lather, rinse, repeat. Soon there won't be any more to give them and the terrorist attacks will continue.

Because I want my family to live, I want the NSA's domestic spying budget to be cut and re-allocated to healthcare, traffic safety, and any number of more likely causes of death.

Tell that to the families of the women and children who are murdered in the next terrorist attack that could have been prevented had the NSA been able to monitor the terrorists' communications as they are supposed to.

What would you like to tell the millions of people who have their bank accounts hacked and drained by terrorists because the government took away our encryption? I guess the suicides that would cause are not important.

Oh, you have some evidence that the NSA has prevented any actual terrorist attacks? Funny, not even the NSA itself has that evidence, and there are some rather spectacular and public fails in the recent past. They do like to claim things like "50 terrorist attacks prevented in Europe", but when pressed, nothing remains. Just as with any other group of professional liars.

On the other hand, the NSA is helping in keeping terrorism strong and helps them recruit by facilitating murder-by-drone.

Not to mention that they were terrorists and tried to push the blame for their acts onto the natives. The most meaningful of events were them stealing across boats, at night, to kill on Christmas Eve during a time of supposed chivalry.

Even more important than just the spread of Encryption itself, but the fact that more and more of the non-tech community is becoming acquainted with it and why it's important. It's exciting to see people who clearly prescribe to the "I just want my technology to work" thought process to be actually caring about the underlying processes.

The important thing is that it becomes part of the feature checklist. People don't know how it works and what it can do, but they start demanding it anyway; and companies have to adapt to the market demand, or lose to their competitors.

Even more important than just the spread of Encryption itself, but the fact that more and more of the non-tech community is becoming acquainted with it and why it's important. It's exciting to see people who clearly prescribe to the "I just want my technology to work" thought process to be actually caring about the underlying processes.

Well, arguably that was the point. Snowden made people care and that caring is what increased the pace of encryption growth.

The inconvenient thing about everyone's life becoming infinitely more visible in our little digital village is that everyone's life is infinitely more visible. Those who have the inclination can know as much as any expert in any field is willing to share, and those who have the inclination can use that expertise as they see fit.

Tread lightly, you weary giants of flesh and steel. Wading head first into /dev/null is sure to fill the bitbucket in inconvenient ways.

Snowden is not responsible for this.
Clapper and his friends in the intelligence agencies have been abusing their spy powers for years with overreaching dragnet surveillance operations.
If they were not such abusive, power hungry megalomaniacs, most people would not consider encryption a necessity.
Clapper needs to take responsibility for his own actions, and not blame people who actually do something to protect and defend the constitution that he uses as toilet paper.

The real hero is actually international consumers. The large US tech companies seem to have been willingly complicit in these surveillance operations. They only started backpedaling and offering encryption on all their services after the international community started looking outside the USA for infrastructure hosting. The American people, while I have nothing bad to say about them, would likely have just taken these revelations on the chin and done nothing (see the Patriot Act). So thank Snowden for the i

It was at great peril and disregard to himself and his personal safety that Edward Snowden went into hiding due to proving yet again the danger of a government left unchecked, unquestioned and ungoverned. It is my hope that he is allowed to safely one day return to the US and take his place among the countless heroes there.

Well, that's just it: how do you define security? The problem that the United States has is that computer system security and DHS anti-terrorism efforts have conflicting priorities, in no small part because we've become lazy about HUMINT.

Funny how there is enough broad historic and current data in order to analyze this trend, but they can't (will not) provide a rough estimate of how many people have their comms/metadata sucked up into their data centers... funny that.

His job is not to complain. His job is information gathering and information warfare. Remember something else: all warfare is deception. This is not my paranoia. This is established understanding of how the world works. Now see what follows if you adapt this premise.

I believe you're referencing this:
"All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near." --Sun-Tsu, "The Art of War"

The thing to realize (and the way to view) these technology-based impacts to social/public policy is that power flows back and forth between the protagonists and antagonists over decades. And the newfound power that ordinary people now have (or just began to realize) is a gradual shift from government unsupervised/unchallenged intelligence, to protection in the hands of ordinary people.

It's a refreshing public realization of what we've been giving up, unawares, because we didn't know any better. And note that it may not even last. People may forget why we need privacy, and vigilance against an all-pervasive state. They may choose to give it up in the name (not even reality) of security. Maybe there'll be another event that changes public opinion in favor of more surveillance. Or, people might gradually see the extent that stupidity/invasiveness has reached, and continue to make decisions with their wallets and votes.

But as long as this issue has been around, the balance of power has, and will continue to, ebb and flow between the struggling parties on either side. (And note, the good guys / bad guys are not always definitively on the public/individual vs. government sides -- that can swap too.)

"The projected growth maturation and installation of commercially available encryption -- what they had forecasted for seven years ahead, three years ago, was accelerated to now, because of the revelation of the leaks."

The shortened timeline has had "a profound effect on our ability to collect, particularly against citizens of the world," he said.

FTFY.

You see, Mr. Clapper, no one believes you, especially considering the fact that we don't know of any terrorists or their plots that you've been able to expose for the past 20 years. None. However we approximately know your budget and how terrorism is basically a non-issue for people 'cause the number of people dying of other causes is several magnitudes higher. This "war" on terrorism is a plot against people, not for people.

Clapper lied, under oath, to congress. He was given the questions he would be asked, in writing, beforehand. He lied when asked those questions. When asked afterwards, in writing, if he wanted to amend any of his answers, he declined. He only admitted the truth after it came out in the Snowden revelations.

Note that this probably refers to civilian encryption being accelerated by seven years. Most likely many sensitive US government databases, such as the personnel database, still have the password "admin", with no encryption at all.

The underlying reasons for terrorism and whatever other perverted activities initiated by humans are not addressed, not even is the ability to look at those and recognize what is going on is remotely present!

If one group says "A", the next group says no, it is "B", where the eliminating causes actions are "C".

This Mr. Clapper is right in the middle of the blame/manipulate/denial/stroking his own butt game.

And yeah, the idea that black holes could be gateways to other universes helps a lot...

CORRECTION: Your blanket, warrantless spying is the reason for the mass adoption of Encryption. If you had developed a program that was honest, forthcoming with clear and strong safeguards instead of running a clandestine black-ops style program then people would not have been so shocked and appalled and rushed to defend themselves and their communications from your greasy fingers

The shortened timeline has had "a profound effect on our ability to collect, particularly against terrorists," he said

We are all glad it had a profound effect on your ability to collect against the other people, you know, us, the innocent that you used to lie about not collecting anything.

particularly against terrorists

How would you know? It's encrypted. Unless the communication was from a known terrorist (like one featured in a magazine), in which case not doing anything but complain about their encryption is plain and simple failing at your job.

Anyway, we know you collected the communications of the terrorists you let do the attack in Paris, it was not

The fact is, the US hasn't been hit by a major attack since 9/11. That doesn't prove the security measures are effective or necessary, but it certainly doesn't discredit them. It's necessary for law enforcement to combat terrorism. There is no reason that facing terror attacks should be the price for freedom. Slashdot commenters are happy to criticize law enforcement but fail to offer better solutions to stop terrorism. If you don't like what law enforcement is doing now, what's your solution to keep terror attacks at least as infrequent as they are now?

You know prison sexual assault has increased since 9/11. I theorize that the threat of prison rape is part of what deters terrorist attacks. For them it's a zero sum game now. Die or get violated. Since dying is so hard they don't bother anymore unless they can guarantee death. So you know what I now oppose people who try to work to end prison rape. Who cares about all the innocently assaulted prisoners. It's what keeps our country safe.

The reasons why encryption is necessary for the internet to actually function are legion. The reasons why making things hard for government surveillance are likewise manifold.

I am not obligated to provide you the education to realize that private communication being private goes to the core of western democracies. I ask you this: I could use physical mail to send communication back and forth. Without a warrant, this communication cannot be read. I could also write this communication in a code, before I mail it. These facts are set. The legal protection of these papers is set. And yet, some people believe that electronic communication should not be private. There are wonderful existing reasons why physical mail is protected. Why have we allowed governments to decide that simply because the format of communication has changed, its protection is no longer needed?

A professional spy working for a spy agency is complaining that the easy methods to gather communication are becoming obsolete, because folks are protecting their communication. Meanwhile, credit card agencies are bringing in tighter security to ensure credit cards are protected. Security is good for business. Security is good for the internet. Security is good for communication. Security is good for law enforcement. If the easy, cheap ways are beaten by simple encryption, then proper investigation is necessary. Getting permission to spend that money usually requires a warrant to justify its expenditure. Any government action/investigation that needs a warrant for justifications for invading an individual's rights will be done properly, using better tools.

I ask you this: I could use physical mail to send communication back and forth. Without a warrant, this communication cannot be read. I could also write this communication in a code, before I mail it. These facts are set. The legal protection of these papers is set. And yet, some people believe that electronic communication should not be private. There are wonderful existing reasons why physical mail is protected. Why have we allowed governments to decide that simply because the format of communication has changed, its protection is no longer needed?

While I agree with where you want to end up, the problem is not the difference in treatment between a physical letter and an electronic one. Warrantless access in most cases is limited to metadata. Law enforcement does need a warrant to read your email (with the exception of the glaring "still on the server after 6 months" exclusion). And they haven't (yet) proposed to make it illegal to encrypt it with the software of your choice before sending. What they have done is proposed that US companies can not

I see the word "metadata" thrown around like it means something innocuous.

This makes me very disturbed.

Metadata is data about data.

That can take a wide universe of forms. It could be something as simple as an access statistic, to a simple parity bit for each byte on media, down to full data protection correction codes to prevent corruption of the data. (say RLL encoding, or the full parity stripe set from a disk array-- or both together.)

No one here seriously has a problem with law enforcement monitoring legitimate suspects for potential risk. We *DO* have a serious problem with wholesale monitoring of personal communications, absent probable cause, in the hope of catching someone, somewhere, doing something they don't like. The notion of 'general warrants' by the British authorities was the reason for their explicit ban in the Fourth Amendment. And the whole 'Founders didn't have to deal with terrorists' argument is put to bed by a quote from Madison to Jefferson: "It is a universal truth that the loss of liberty at home is to be charged to the provisions against danger, real or pretended, from abroad."
The majority of the disrupted terror plots since 9/11 have been accomplished by old-school boots-on-ground detective work, not by signals intelligence. There is no indication that plotters like the Boston Marathon bombers, etc, that *were* sadly successful had used any crypto in their communications. The 'lone wolf' nutcase is by nature hard to track. Most of the additional screening put in place since the attacks has been window dressing ("security theater") meant to make us feel safer, not particularly contributing to actual security.
The solution to terrorism is NOT TO BE TERRORIZED, to deal with the nutjobs as just that, and refuse to turn ourselves into the sort of regulated police state they'd prefer to see.

Well considering that if one wanted to pull off a major terror attack it wouldn't require much thinking it seems that there are either very few terrorists or the ones that are here are so dumb I'm surprised they don't choke on their own tongues. Likely it is both and there are very few terrorists in the US and those that are here and the ones who are here are only slightly smarter than a jar of mayonnaise from what gets reported. If I wanted to pull off a major terror attack the simplest one I could think of

What is it about digital communications that makes it any different from written communications?

We all use the United States Postal Service to send letters, bills, remuneration for bills, etc., and none of it is subject to Government snooping. What gives them the legal right to snoop electronic communications?

Answer: nothing. There is no legal difference between me encrypting an email and sending it, and me encoding a piece of written correspondence with a one-time pad and putting a stamp on it. The Gov

Terrorism cannot be stopped. That is the whole reason why people are doing it. Even the most repressive regimes in history had terrorism. You can reduce it by not pissing off so many people, e.g. by not killing a lot of innocent bystanders with drones, but that is it. You can do an inordinate amount of damage trying to stop terrorism or by pretending to be trying to.

The iPhone 5c was well known to have a lesser encryption capability. So, you're not really hearing anything different, you're just hearing nuance which has been overblown. They wouldn't be able to use the same capability on even the 5s.

And this could be manipulation, but honestly, if your operational security methods are sane, you don't go on public statements from people like Clapper. You just assume he's fucking with you and use tried and true methods for security.